US12395355B2ActiveUtilityA1

Method for securely replacing a first manufacturer certificate already introduced into a device

43
Assignee: Siemens Mobility GmbHPriority: Aug 17, 2017Filed: Aug 9, 2018Granted: Aug 19, 2025
Est. expiryAug 17, 2037(~11.1 yrs left)· nominal 20-yr term from priority
G06F 21/57H04L 63/0823H04L 9/3268G06F 21/44
43
PatentIndex Score
0
Cited by
24
References
10
Claims

Abstract

Provided is a method for the secure replacement of a first manufacturer certificate already incorporated into a device with a second manufacturer certificate, having the steps: —identifying at least one specific device-related parameter that uniquely identifies the device and that is contained in the first manufacturer certificate and uniquely identifies the device from a trusted device database, —generating a second manufacturer certificate containing at least the specific device-related parameter of the first certificate; and —incorporating the first manufacturer certificate into the device through the second manufacturer certificate, as well as a system designed to perform the method.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A method for securely replacing a first manufacturer certificate, already introduced into a device, with a second manufacturer certificate, the first manufacturer certificate and the second manufacturer certificate being used for proving originality and as trust anchors for requesting further security-relevant data, the method comprising:
 ascertaining at least one specific device-related parameter that explicitly characterizes the device, which is contained in the first manufacturer certificate and uniquely identifies the device from a trusted device database, wherein a first certificate authority and the trusted database are present within a network, and the first certification authority issues the first manufacture certificate to the device; 
 in response to a first certification authority becoming compromised, removing the first certification authority from the network so that a second certification authority is present in the network and connected to the trusted database over the network; 
 generating, by the second certification authority, the second manufacturer certificate comprising at least the explicitly characterizing device-related parameter of the first certificate and a public key of the device, wherein the trusted device database is used to ascertain all devices connected to an installation network to which the first manufacturer certificate has been issued by the compromised first certification authority; and 
 replacing the first manufacturer certificate issued by the first certification authority with the second manufacturer certificate generated by the second certification authority in the device, wherein the public key of the device is introduced into the second manufacturer certificate and is different than a public key of the first manufacturer certificate, and a private key associated with the public key of the device is provided to the device in a manner cryptographically protected by the public key of the first manufacturer certificate. 
 
     
     
       2. The method as claimed in  claim 1 , wherein the specific device-related parameter is a unique serial number of the device. 
     
     
       3. The method as claimed in  claim 1 , wherein the second manufacturer certificate is introduced into the device during a change of configuration of the device, or while an operative certificate is being updated. 
     
     
       4. The method as claimed in  claim 1 , wherein a certificate serial number of the second manufacturer certificate and/or a validity period of the second manufacturer certificate, is generated independently of the corresponding parameters of the first certificate. 
     
     
       5. The method as claimed in  claim 1 , wherein at least one further device-related parameter of the first certificate is ascertained from the trusted device database and is transferred to the second manufacturer certificate as a parameter. 
     
     
       6. The method as claimed in  claim 1 , wherein the second certification authority generates the second manufacturer certificate and signs the second manufacturer certificate using the private key of the second certification authority, and the second manufacturer certificate is transmitted with a certificate of the second certification authority to the device, and the device accepts the second manufacturer certificate as a new manufacturer certificate. 
     
     
       7. The method as claimed in  claim 1 , wherein the public key of the device in the first manufacturer certificate is transferred to the second manufacturer certificate as a public key. 
     
     
       8. A system having a security function based on a public key infrastructure, comprising:
 one or more processors associated with at least one trusted device database, at least one certification authority, and at least one device, the one or more processors configured to perform a method, the method comprising: 
 ascertaining at least one specific device-related parameter that explicitly characterizes the device, which is contained in the first manufacturer certificate and uniquely identifies the device from a trusted device database, wherein a first certificate authority and the trusted database are present within a network, and the first certification authority issues the first manufacture certificate to the device; 
 in response to a first certification authority becoming compromised, removing the first certification authority from the network so that a second certification authority is present in the network and connected to the trusted database over the network; 
 generating, by the second certification authority, the second manufacturer certificate comprising at least the explicitly characterizing device-related parameter of the first certificate and a public key of the device, wherein the trusted device database is used to ascertain all devices connected to an installation network to which the first manufacturer certificate has been issued by the compromised first certification authority; and 
 replacing the first manufacturer certificate issued by the first certification authority with the second manufacturer certificate generated by the second certification authority in the device, wherein the public key of the device is introduced into the second manufacturer certificate and is different than a public key of the first manufacturer certificate, and a private key associated with the public key of the device is provided to the device in a manner cryptographically protected by the public key of the first manufacturer certificate. 
 
     
     
       9. The system as claimed in  claim 8 , which is a part of an industrial installation. 
     
     
       10. A computer program product comprising a non-transitory computer readable storage medium having instructions, which, when executed by a processor, performs a method comprising:
 ascertaining at least one specific device-related parameter that explicitly characterizes the device, which is contained in the first manufacturer certificate and uniquely identifies the device from a trusted device database, wherein a first certificate authority and the trusted database are present within a network, and the first certification authority issues the first manufacture certificate to the device; 
 in response to a first certification authority becoming compromised, removing the first certification authority from the network so that a second certification authority is present in the network and connected to the trusted database over the network; 
 generating, by the second certification authority, the second manufacturer certificate comprising at least the explicitly characterizing device-related parameter of the first certificate and a public key of the device, wherein the trusted device database is used to ascertain all devices connected to an installation network to which the first manufacturer certificate has been issued by the compromised first certification authority; and 
 replacing the first manufacturer certificate issued by the first certification authority with the second manufacturer certificate generated by the second certification authority in the device, wherein the public key of the device is introduced into the second manufacturer certificate and is different than a public key of the first manufacturer certificate, and a private key associated with the public key of the device is provided to the device in a manner cryptographically protected by the public key of the first manufacturer certificate.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.